As King Solomon tells us in Proverbs 6:16-18, one of the seven things most hated by God is a “heart that deviseth wicked plots. “ And today, as giant retailer Target scrambles to manage the fallout from last month’s massive data hack that intercepted its customers’ credit card information, digital security experts point to weaknesses in the system that allow such wicked pelts to succeed.
The data swipe happened on Black Friday – the annual post Thanksgiving retail-athon that puts millions of credit and debit cards to work nationwide. It involved cards from a variety of issuers – banks, credit unions and other institutions – and included data such as customer names, card numbers, expiration dates and security codes. That information can be used to make purchases on the account or to generate bogus cards.
According to the Consumer Financial Protection Bureau, Target may have been partially responsible for the problem. Although no one knows yet exactly how the data hack happened, or who was responsible, security professionals believe that the hackers were able to get access to point-of-sale data – the information read from a card swiped through a card reader upon checkout – -and were able to intercept it on its way to Target’s databases.
The problem points up a basic flaw in how card data is managed, say security experts. Not all retailers use sophisticated encryption technology, and it’s all too easy for hackers to collect data from unsecured point of sale terminals and credit card readers.
That suggests, say representatives of the CFPB and other digital security experts, that Target may not have taken enough steps to protect information carried on cards – including encryption measures. And although Target began notifying affected customers fairly quickly, it didn’t announce the incident until several days after it occurred.
Card issuers, including major banks Bank of America, JP Morgan Chase and numerous regional banks and credit union, moved to assure customers that their accounts were protected. Measures included limiting ATM withdrawals and imposing purchase limits on cards involved in the incident.
But those measures aside, representatives of the CFPB remind consumers that it’s largely their own responsibility to ensure the safety of their accounts. They advise cardholders – whether they’ve shopped at Target or not – to carefully monitor all receipts and account activity, and report discrepancies to card issuers.
If there’s any suspicion of a breach, experts advise getting a replacement card and changing PINs and passwords immediately. Changing passwords frequently is a good idea even if there’s no question of a break-in – and it’s wise to choose passwords that aren’t obvious or commonplace.
Target and the card issuers involved say they’re taking steps to protect consumers and make sure that data thefts like this never happen again. But even so, smart consumers need to stay aware and in charge of their financial affairs, as Jason Hartman recommends – and keep a careful watch on accounts, not just this holiday season but all year round. (Top image: Flickr/The Consumerist)
Learn investing secrets from the experts at Jason Hartman’s Meet the Masters of Investing Event in Irvine, CA, January 18-19,2014. Read more here.
The Solomon Success Team